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REMARKS 

In response to the Final Office Action dated March 24, 2004, Applicants respectfully 
request reconsideration. To further the prosecution of the present application, each of the 
rejections set forth in the Office Action has been considered and is addressed below. The 
application is believed to be in condition for allowance. 

Rejections Under 35 U.S.C. §102 

Claims 1-13, 15-21, 23-41, 43-57, and 60-66 stand rejected under 35 U.S.C. § 102(e) as 
purportedly being anticipated by U.S. Patent No. 6,484,173 (herein referred to as O'Hare). 
Applicants respectfully traverse this rejection. 

Initially, Applicants wish to clarify an inadvertent mischaracterization of O'Hare made in 
Applicants' response filed December 29, 2003. At page 19, lines 13-16 of Applicants' 
December 29, 2003 response, Applicants mistakenly characterized the system calls of O'Hare as 
performing both administrative operations and data accesses (i.e., read and write operations). 
For this reason, Applicants argued that a system call does not meet the definition of Applicants' 
claimed non-media access request. Upon reconsideration in preparing this response, the 
undersigned now believes that O'Hare does not disclose system calls that directly read and write 
data, but rather only those that perform administrative-like operations (O'Hare, col. 1, lines 29- 
36). Thus, Applicants withdraw any assertion that the system calls of O'Hare perform read and 
write operations. 

Nevertheless, Applicants' claims patentably distinguish over O'Hare for the reasons 
discussed below. 

Claim 1 

Claim 1 is directed to a method for managing access to a shared resource by a plurality of 
devices that are coupled to the shared resource via a network. The method includes acts of: 
(a) in response to a non-media access request by a first of the plurality of devices to a logical 
device at the shared resource for which the first device has no data access privileges, 
determining, based, at least in part, on an identity of the first device, whether the first device is 
authorized to have non-media access to the logical device; and (b) authorizing the non-media 
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access request when it is determined in the act (a) that the first device is authorized to have non- 
media access to the logical device. 

In Applicants' response of December 29, 2003, Applicants argued that O'Hare does not 
disclose the authorizing of a non-media access request to a logical volume for a device that lacks 
data access privileges to that logical device {see Applicants' response of December 29, 2003, 
page 19, lines 20-24). 

In response to that argument, the Office Action asserts that when a pass override is set, 
system calls to a data storage device are permitted even when data access privileges are 
prevented to that device {see Office Action, paragraph 7, pages 12-13). In O'Hare, a pass 
override allows all system calls to a data storage device, regardless of any access privileges for 
the device or the requestor {see O'Hare, col. 13, lines 23-26 and Figure 6, steps 212 and 214). 
However, when a pass override is set, the decision to allow a system call is not made based on 
the identity of the host computer making the system call. A pass override causes all system calls 
to be allowed regardless of the identity of the host computer making the request. This can be 
seen in Fig. 6, wherein the identity of the requestor is not considered in the application of the 
reject (step 204) or pass (step 212) overrides, but is considered {see e.g., steps 216, 220, 226, and 
230) only when no override is set. 

By contrast, claim 1, as amended, recites: "determining, based, at least in part, on an 
identity of the first device, whether the first device is authorized to have non-media access to the 
logical device." Determining whether the device is authorized to have non-media access to the 
logical volume based, at least in part, on the identity of the device is different from determining 
whether a device is authorized to access a logical volume based on whether a pass override is set. 
For example, the pass override feature of O'Hare must be set (or not) consistently for all 
requestors, such that access cannot be separately controlled based on the identity of the 
requestor. 

Claims 2-14 depend from claim 1 and are patentable for at least the same reasons. 
Claim 15 

Claim 15 is directed to a method for managing access to a storage system by a plurality 
of devices that are coupled to the storage system via a network, the storage system including a 
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plurality of logical volumes of data. The method includes acts of: (a) maintaining, in a data 
structure that is accessible to a filter that controls access to each of the plurality of logical 
volumes, configuration information identifying each logical volume of the plurality of logical 
volumes to which data access by a first device of the plurality of devices is authorized; (b) in 
response to a non-media access request by the first device to a first logical volume for which the 
first device has no data access privileges, determining, based, at least in part, on an identity of 
the first device, whether the first device is authorized to have non-media access to the first 
logical volume; and (c) authorizing the non-media access request when it is determined in the act 
(b) that the first device is authorized to have non-media access to the first logical volume. 

As should be appreciated from the foregoing, O'Hare does not teach or suggest 
determining, based, at least in part, on an identity of the first device, whether the first device is 
authorized to have non-media access to the first logical volume. Therefore, it is respectfully 
asserted that claim 15 patentably distinguishes over O'Hare, such that the rejection of claim 15 
under §102 as being anticipated by O'Hare should be withdrawn. 

Claims 16-27 depend from claim 15 and are patentable for at least the same reasons. 

Claim 28 

Claim 28 is directed to an apparatus for use in a computer system including a plurality of 
devices, a shared resource, and a network that couples the plurality of devices to the shared 
resource, the apparatus comprising: an input to be coupled to the network; and at least one filter, 
coupled to the input, that is responsive to a non-media access request by a first of the plurality of 
devices to a logical device at the shared resource for which the first device has no data access 
privileges, to determine, based, at least in part, on an identity of the first device, whether the first 
device is authorized to have non-media access to the logical device, and to authorize the non- 
media access request when it is determined that the first device is authorized to have non-media 
access to the logical device. 

As should be appreciated from the foregoing, O'Hare does not teach or suggest an 
apparatus that includes at least one filter at least one filter to determine, based, at least in part, on 
an identity of the first device, whether the first device is authorized to have non-media access to 
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the logical device. Therefore, claim 28 patentably distinguishes over O'Hare, such that the 
rejection of claim 28 under §102 as being anticipated by O'Hare should be withdrawn. 

Claims 29-42 depend from claim 28 and are patentable for at least the same reasons. 

Claim 43 

Claim 43 is directed to a computer readable medium comprising a data structure relating 
to access management by a plurality of network devices to data stored on a plurality of logical 
devices. The data structure includes a plurality of records, each corresponding to one of the 
network devices, and a first record corresponding to a first of the network devices and including 
configuration information identifying each of the logical devices to which data access by the first 
network device is authorized. The first record further includes visibility information identifying 
whether the first network device is authorized to have non-media access to a first of the plurality 
of logical devices when the configuration information corresponding to the first network device 
identifies that no data access to the first logical device from the first network device is 
authorized. 

As should be appreciated from the foregoing, there is no teaching or suggestion in 
O'Hare of providing a data structure relating to access management for network devices wherein 
a record in the data structure includes visibility information identifying whether a first network 
device that has no data access privileges to a first logical device is nevertheless authorized to 
have non-media access to the first logical device. Therefore, it is respectfully asserted that claim 
43 patentably distinguishes over O'Hare, such that the rejection of claim 43 under §102 as being 
anticipated by O'Hare should be withdrawn. 

Claims 44-47 depend from claim 43 and are patentable for at least the same reasons. 

Claim 48 

Claim 48 is directed to an apparatus for use in a computer system including a plurality of 
devices, a storage system, and a network that couples the plurality of devices to the storage 
system. The apparatus comprises: an input to be coupled to the network; a data structure that 
stores configuration information identifying each logical volume of data of a plurality of logical 
volumes of data stored on the storage system to which data access by a first device of the 
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plurality of devices is authorized; and at least one filter, coupled to the input, that is responsive to 
a non-media access request by the first device to a first logical volume of data of the plurality of 
logical volumes of data for which the first device has no data access privileges, to determine, 
based, at least in part, on an identity of the first device, whether the first device is authorized to 
have non-media access to the first logical volume of data, and to authorize the non-media access 
request when it is determined that the first device is authorized to have non-media access to the 
first logical volume of data. 

As should be appreciated from the foregoing, O'Hare does not disclose an apparatus that 
comprises at least one filter to determine, based, at least in part, on an identity of the first device, 
whether the first device is authorized to have non-media access to the first logical volume of 
data. Therefore, it is respectfully asserted that claim 48 patentably distinguishes over O'Hare, 
such that the rejection of claim 48 under §102 as being anticipated by O'Hare should be 
withdrawn. 

Claims 49-59 depend from claim 48 and are patentable for at least the same reasons. 
Claim 60 

Claim 60 is directed to a storage system comprising a plurality of storage devices that 
store a plurality of logical volumes; a data structure to store configuration information; and a 
filter to selectively forward non-media access requests from a first network device to a first 
logical volume when the configuration information identifies that no data access to the first 
logical volume from the first network device is authorized. 

As should be appreciated from the foregoing, O'Hare does not teach or suggest a storage 
system that comprises a filter that selectively forwards non-media access requests from a first 
network device to a first logical volume when configuration information identifies that no data 
access to the first logical volume from the first network device is authorized. Therefore, it is 
respectfully asserted that claim 60 patentably distinguishes over O'Hare, such that the rejection 
of claim 60 under §102 as being anticipated by O'Hare should be withdrawn. 

Claims 61-66 depend from claim 60 and are patentable for at least the same reasons. 
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CONCLUSION 



In view of the foregoing amendments and remarks, this application should now be in 
condition for allowance. A notice to this effect is respectfully requested. If the Examiner 
believes, after this amendment, that the application is not in condition for allowance, the 
Examiner is requested to call Applicants' attorney at the telephone number listed below to 
discuss any outstanding issues relating to the allowability of the application. 

If this response is not considered timely filed and if a request for an extension of time is 
otherwise absent, Applicant hereby requests any necessary extension of time. If there is a fee 
occasioned by this response, including an extension fee, that is not covered by an enclosed 
check, please charge any deficiency to Deposit Account No. 23/2825. 



Respectfully submitted, 

Steven M. Blumenau et aL, Applicants) 




Richard F. Giunta, Reg. No. 36,149 
Wolf, Greenfield & Sacks, P.C. 
600 Atlantic Avenue 
Boston, Massachusetts 022 1 0-22 1 1 
Telephone: (617) 720-3500 
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